memory integrity Archives

Tech Optimizer

March 21, 2025

Cybercriminals Exploit CheckPoint Driver Flaws in Malicious Campaign

A report by Nima Bagheri reveals that CheckPoint’s ZoneAlarm antivirus software is being exploited by threat actors using a method called Bring Your Own Vulnerable Driver (BYOVD). This attack targets vulnerabilities in the vsdatant.sys driver, which operates with high-level kernel privileges, allowing attackers to bypass Windows security measures. Specifically, version 14.1.32.0 of vsdatant.sys, released in 2016, contains vulnerabilities that enable attackers to circumvent the Windows Memory Integrity feature, gaining access to sensitive information and establishing persistent connections to compromised systems. Bagheri advises users to update to the latest version of vsdatant.sys, which is not vulnerable. CheckPoint confirmed that the outdated driver is no longer in use and that users running the latest versions of ZoneAlarm or Harmony Endpoint are not affected.

Winsage

November 1, 2024

Want Windows 10 Security? That Will Be $30, Microsoft Says

Microsoft will end support for Windows 10 on October 14, 2025. Users can opt for an Extended Security Update (ESU) program to maintain security updates for one year, which will require a one-time fee. The ESU program will provide critical and important security updates but will not include new feature updates, bug fixes, or technical support. Enrollment for the ESU program will open closer to the end of support in 2025.

Winsage

November 1, 2024

How to prepare for Windows 10 end of support by moving to Windows 11 today

Microsoft will end support for Windows 10 on October 14, 2025, and is encouraging users to transition to Windows 11. Key points include the advantages of upgrading, eligibility assessment for current PCs, resources for acquiring new PCs, and details on Extended Security Updates (ESU). Windows 11 features enhanced security with a 62% reduction in security incidents, improved performance, multitasking tools, accessibility enhancements, energy efficiency, and AI integration. The operating system includes hardware-based protections and advanced authentication methods, such as the Microsoft Pluton Security Processor and Smart App Control. Users can check their upgrade eligibility through Windows Update and may need a new PC for full benefits. Microsoft offers resources for data transfer and synchronization. The ESU program will provide critical security updates for those needing more time to transition. Windows 11 is designed to support organizations, promising a 250% return on investment and improved device management.

Winsage

October 9, 2024

10 Windows 11 security settings to keep your PC safe

Windows 11 includes several built-in security features designed to protect users from threats: - Microsoft Defender: A built-in antivirus program that provides real-time protection against threats and can perform various types of system scans. - Firewall & Network Protection: Monitors incoming and outgoing traffic to prevent unauthorized access, customizable for specific applications. - App & Browser Control: Utilizes SmartScreen to check URLs and downloads against a database of known threats, blocking harmful installations. - Core Isolation: Adds protection for sensitive processes using virtualization-based security features like Memory integrity. - Ransomware Protection: Shields files and folders from unauthorized access and provides recovery options through Controlled folder access. - BitLocker Encryption: An encryption tool available on Windows 11 Pro, Enterprise, and Education editions that secures hard disk data. - Secure Boot: A BIOS-level feature that ensures Windows boots only with trusted software, preventing boot process hijacking. - Dynamic Lock: Automatically locks the device when a paired Bluetooth-enabled device goes out of range. - Windows Hello: Allows biometric authentication for logging in using facial recognition, fingerprints, or a PIN. - User Account Control (UAC): Prompts for confirmation when actions requiring administrator-level permission are initiated, helping to prevent unauthorized changes.

Winsage

October 3, 2024

Understanding VBS Enclaves, Windows’ new security technology

The implementation of a trusted execution environment on personal computers enhances data security by protecting data in use, in addition to traditional data protection methods. Windows 11 features advanced memory integrity tools that create an isolated memory segment called Virtual Trust Level 1 (VTL 1) for a secure version of the Windows kernel, while the standard environment operates at Virtual Trust Level 0 (VTL 0). VBS Enclaves require Windows 11 or Windows Server 2019 or later with VBS enabled, which can be done through Windows security tools, Group Policy, or Intune for Mobile Device Management (MDM). Enabling VBS across all supported devices is recommended to reduce security risks.